Secure Multiple SBoxes Implementation with Arithmetically Masked Input

  • Luk Bettale
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7771)


The building blocks of several block ciphers involve arithmetic operations, bitwise operations and non-linear functions given as SBoxes. In the context of implementations secure against Side Channel Analysis, these operations shall not leak information on secret data. To this end, masking is a widely used protection technique. Propagating the masks through non-linear functions is a necessary task to achieve a sound and secure masked implementation. This paper describes an efficient method to securely access N SBoxes when the N inputs are encoded as a single word arithmetically masked. This problematic arises for instance in a secure implementation of the standard block ciphers GOST or SEED. A method using state of the art algorithms would be to first perform an arithmetic to boolean mask conversion before independently accessing the N SBoxes. Compared to this method, the algorithm proposed in this paper needs less code, less random generation and no extra memory. This makes our algorithm particularly suitable for very constrained devices. As a proof of concept, we compare an implementation in 8051 assembly language of our algorithm to the existing solutions.


Side Channel Analysis Differential Power Analysis Block Cipher SBox Arithmetic Masking Boolean Masking Mask Conversion 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akkar, M.-L., Bévan, R., Goubin, L.: Two Power Analysis Attacks against One-Mask Methods. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 332–347. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Akkar, M.L., Giraud, C.: An Implementation of DES and AES, Secure against Some Attacks. In: Koç, et al. (eds.) [14], pp. 309–318Google Scholar
  3. 3.
    Biham, E., Shamir, A.: Power Analysis of the Key Scheduling of the AES Candidates. In: Second AES Candidate Conference – AES 2 (March 1999),
  4. 4.
    Blömer, J., Guajardo, J., Krummel, V.: Provably Secure Masking of AES. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 69–83. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, Quisquater (eds.) [12], pp. 16–29Google Scholar
  6. 6.
    Chari, S., Jutla, C., Rao, J., Rohatgi, P.: Towards Sound Approaches to Counteract Power-Analysis Attacks. In: Wiener (ed.) [27], pp. 398–412Google Scholar
  7. 7.
    Coron, J.-S., Tchulkine, A.: A New Algorithm for Switching from Arithmetic to Boolean Masking. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 89–97. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Debraize, B.: Efficient and provably secure methods for switching from arithmetic to boolean masking. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 107–121. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  9. 9.
    Genelle, L., Prouff, E., Quisquater, M.: Secure multiplicative masking of power functions. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 200–217. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Goubin, L.: A Sound Method for Switching between Boolean and Arithmetic Masking. In: Koç, et al. (eds.) [14], pp. 3–15Google Scholar
  11. 11.
    Goubin, L., Patarin, J.: DES and Differential Power Analysis – The “Duplication” Method. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 158–172. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. 12.
    Joye, M., Quisquater, J.-J. (eds.): CHES 2004. LNCS, vol. 3156. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  13. 13.
    Kim, H., Cho, Y.I., Choi, D., Han, D.G., Hong, S.: Efficient masked implementation for SEED based on combined masking. ETRI Journal 33(2), 267–274 (2011)CrossRefGoogle Scholar
  14. 14.
    Koç, Ç.K., Naccache, D., Paar, C. (eds.): CHES 2001. LNCS, vol. 2162. Springer, Heidelberg (2001)zbMATHGoogle Scholar
  15. 15.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener (ed.) [27], pp. 388–397Google Scholar
  16. 16.
    Lai, X., Massey, J.L.: A proposal for a new block encryption standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  17. 17.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smartcards. Springer (2007)Google Scholar
  18. 18.
    Messerges, T.S.: Securing the AES Finalists Against Power Analysis Attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  19. 19.
    Neiße, O., Pulkus, J.: Switching Blindings with a View Towards IDEA. In: Joye, Quisquater (eds.) [12], pp. 230–239Google Scholar
  20. 20.
    Oswald, E., Mangard, S., Herbst, C., Tillich, S.: Practical Second-order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. In: Pointcheval (ed.) [21], pp. 192–207Google Scholar
  21. 21.
    Pointcheval, D. (ed.): CT-RSA 2006. LNCS, vol. 3860. Springer, Heidelberg (2006)zbMATHGoogle Scholar
  22. 22.
    Prouff, E., Rivain, M.: A Generic Method for Secure SBox Implementation. In: Kim, S., Yung, M., Lee, H.-W. (eds.) WISA 2007. LNCS, vol. 4867, pp. 227–244. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Rivain, M., Prouff, E.: Provably Secure Higher-Order Masking of AES. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 413–427. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  24. 24.
    Rivain, M., Dottax, E., Prouff, E.: Block Ciphers Implementations Provably Secure Against Second Order Side Channel Analysis. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 127–143. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  25. 25.
    Schramm, K., Paar, C.: Higher Order Masking of the AES. In: Pointcheval (ed.) [21], pp. 208–225Google Scholar
  26. 26.
    Telecommunications Technology Association: 128-bit symmetric block cipher (SEED), Seoul, Korea (1998)Google Scholar
  27. 27.
    Wiener, M. (ed.): CRYPTO 1999. LNCS, vol. 1666. Springer, Heidelberg (1999)zbMATHGoogle Scholar
  28. 28.
    Zabotin, I.A., Glazkov, G.P., Isaeva, V.B.: Cryptographic protection for information processing systems, government standard of the USSR, GOST 28147-89. Government Committee of the USSR for Standards (1989)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Luk Bettale
    • 1
  1. 1.Oberthur TechnologiesNanterre CedexFrance

Personalised recommendations